fedora-security/audit fc4,1.47,1.48
Mark Cox (mjc)
fedora-extras-commits at redhat.com
Tue Aug 23 07:44:22 UTC 2005
Author: mjc
Update of /cvs/fedora/fedora-security/audit
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv1720
Modified Files:
fc4
Log Message:
More FC4 pushes and CVE mails, all up to date apart from the xpdf
update which we need to look at to work out which things if any are
still backported
Index: fc4
===================================================================
RCS file: /cvs/fedora/fedora-security/audit/fc4,v
retrieving revision 1.47
retrieving revision 1.48
diff -u -r1.47 -r1.48
--- fc4 22 Aug 2005 21:30:10 -0000 1.47
+++ fc4 23 Aug 2005 07:44:20 -0000 1.48
@@ -1,16 +1,17 @@
-Up to date CVE as of CVE email 20050817
-Up to date FC4 as of 20050817
+Up to date CVE as of CVE email 20050822
+Up to date FC4 as of 20050822 except xpdf
** are items that need attention
+2005-2499 backport (slocate) [since FEDORA-2005-770]
2005-2491 ** python pcre
2005-2491 VULNERABLE (pcre, fixed 6.2)
2005-2491 ignore (httpd, pcre uses system pcre)
2005-2491 ignore (php, pcre uses system pcre)
-2005-2480 ** squid
-2005-2479 ** squid
-2005-2642 ** mutt
-2005-2641 ** pam_ldap
+2005-2480 VULNERABLE (squid, fixed 2.5.STABLE8) bz#166523
+2005-2479 ** squid not affected
+2005-2642 version (mutt, openbsd only)
+2005-2641 VULNERABLE (pam_ldap) bz#166164
2005-2617 VULNERABLE (kernel, fixed 20050715)
2005-2602 ** firefox
2005-2602 ** thunderbird
@@ -24,7 +25,7 @@
2005-2541 ignore (tar) is documented behaviour
2005-2536 ** pstotext
2005-2500 version (kernel, flaw introduced after 2.6.12)
-2005-2498 ** php xmlrpc
+2005-2498 VULNERABLE (php xmlrpc) bz#165847
2005-2475 VULNERABLE (unzip) bz#164928
2005-2471 backport (netpbm) [since FEDORA-2005-728]
2005-2459 VULNERABLE (kernel, fixed 20050805)
@@ -79,17 +80,17 @@
2005-2260 version (mozilla, fixed 1.7.9) [since FEDORA-2005-619]
2005-2177 version (net-snmp, fixed 5.2.1.2) [since FEDORA-2005-561]
2005-2114 ** mozilla, can't find out when this was fixed upstream
+2005-2103 ** gaim [since FEDORA-2005-751]
+2005-2102 ** gaim [since FEDORA-2005-751]
2005-2101 backport (kdeedu) [since FEDORA-2005-744]
2005-2100 version (kernel, not upstream)
2005-2099 VULNERABLE (kernel, fixed 20050804) bz#164989
2005-2098 VULNERABLE (kernel, fixed 20050804) bz#164988
-2005-2103 ** gaim [since FEDORA-2005-751]
-2005-2102 ** gaim [since FEDORA-2005-751]
2005-2097 backport (cups) [since FEDORA-2005-732]
2005-2097 backport (xpdf) [since FEDORA-2005-729]
2005-2096 backport (zlib) [since FEDORA-2005-523]
2005-2096 backport (rpm) [since FEDORA-2005-565]
-2005-2095 VULNERABLE (squirrelmail)
+2005-2095 version (squirrelmail, fixed 1.4.5) since [FEDORA-2005-780]
2005-2088 backport (httpd) [since FEDORA-2005-639]
2005-2069 VULNERABLE (nss_ldap) http://bugzilla.padl.com/attachment.cgi?id=10&action=view
2005-2023 version (gnupg, fixed 1.9.15)
@@ -104,7 +105,7 @@
2005-1852 version (kdenetwork, fixed 3.4.2) [since FEDORA-2005-670] was backport since FEDORA-2005-624
2005-1849 backport (zlib, fixed 1.2.3) [since FEDORA-2005-626]
2005-1831 ignore (sudo) unsubstantiated report
-2005-1769 VULNERABLE (squirrelmail, fixed 1.4.5)
+2005-1769 version (squirrelmail, fixed 1.4.5) since [FEDORA-2005-780]
2005-1768 version (kernel, fixed 2.6.6)
2005-1767 version (kernel, fixed 2.6.7)
2005-1766 version (HelixPlayer, fixed 1.0.5) [since FEDORA-2005-483]
@@ -232,7 +233,7 @@
2005-0760 version (ImageMagick, fixed 6.0)
2005-0759 version (ImageMagick, fixed 6.0)
2005-0758 version (gzip, fixed 1.3.5)
-2005-0758 VULNERABLE (bzip2) by inspection [#159819]
+2005-0758 VULNERABLE (bzip2) by inspection bz#159819
2005-0757 version (kernel, not 2.6)
2005-0756 version (kernel, fixed 2.6.12) [since FEDORA-2005-510] was backport (kernel) patch-2.6.12-rc5
2005-0755 version (HelixPlayer, fixed 10.0.4)
@@ -278,7 +279,7 @@
2005-0524 version (php, fixed 5.0.4)
2005-0504 version (kernel, doesn't build in 2.6)
2005-0490 version (curl, fixed 7.13.1)
-2005-0488 VULNERABLE (telnet) [#159299]
+2005-0488 VULNERABLE (telnet) bz#159299
2005-0488 backport (krb5) [since FEDORA-2005-553]
2005-0473 version (gaim, fixed 1.1.3)
2005-0472 version (gaim, fixed 1.1.3)
@@ -405,6 +406,7 @@
2004-2395 ** passwd
2004-2394 ** passwd
2004-2392 ** libuser
+2004-2343 ignore (httpd) not a security issue
2004-2302 version (kernel, fixed 2.6.10)
2004-2259 version (vsftpd, fixed 1.2.2)
2004-2228 version (firefox, fixed 1.0)
More information about the fedora-extras-commits
mailing list